Social Stack for New Social Contracts:
We believe that the emergence of a new global “social layer” to the Web is, without exaggeration, a new evolutionary phase for our species – a global ecosystem that is wholly synthetic, social, and increasingly sentient and self-healing. Just as the Industrial Revolution redefined us and our relationship to Nature, so too will this fusion of the digital and physical introduce very different realities and possibilities. In short, there will be a new set of norms for all levels and aspects of society. In the language of evolutionary biology, these norms are “fitness functions” that will select for those biological and social expressions that are most “fit” in the context of this hybrid-digital ecosystem. Hence, we are in the process of creating for ourselves a new, highly immersive ecological niche, out of which will come New Social Contracts.
This is not speculation. Most people do not realize that these technologies are here today. We are at that early design point where the combination of scientific and humanistic imagination can realize the startling prospect of a global social ecosystem to unlock knowledge, opportunity, and social trust in ways unimaginable. Yet at the same time, these same technologies, with their surveillance and predictive powers, can result in a dystopian nightmare. The intent here is to draw attention to but a few of the broader policy implications of the Social Stack (Core Identity, Identity Management and Authentication, Trust Frameworks, Core Services, and Applications) in terms of how they might affect the framing of a New Social Contract.
Clearly, this discussion can only be suggestive of the issues, but as such, it is necessary to begin a more involved and nuanced conversation. At the same time, this policy discussion is accompanied by a complementary investigation of the status of the relevant technologies in the social stack. This typically is not done, as there tends to be a huge chasm between policy and legal formulations and technology. Our view is that the two cannot be separated; specialists of either camp can no longer feign ignorance of the other. There really has to be an integrated understanding. One cannot discuss, for instance, self-governance, transparency, accountability, authority, legitimacy, efficacy, collusion free, risk absorption, incentives, corruption resistant, resilience, efficacy, without consideration of the technologies needed to implement these principles. It is our contention that many “policy issues” are really matters of efficacy of implementation. Hence, what is needed is not a venue of “debate” and “horse trading” but real world experimentation with actual deployments of governance and trust framework technologies.
Core Identity Layer
This can be a complex and confusing topic. What it boils down to is: who or what authority has the right to certify to another party who I am? Am I the physical, living, breathing, behaving person I assert myself to be? This is not something we normally think about, but with the arrival of the big data ecosystem, it becomes a critical, foundational issue to privacy and basic human rights. It is the very ground upon which everything else rests, and if it is skewed, wobbly, or incomplete, the whole artifice of trust and transparency of the Social Stack collapses.
Typically people think of the Government as the issuer of a core identity – through a National Identification Card, or even through the issuance of a driver’s license, or Social Security Card. But when one really thinks about it, does the State really need to have all that information about me, and can it really be relied upon to use it in a trusted and freedom-preserving manner? The answer to that question in large measure depends upon where you live and how much you trust your government. Wherever one lives, however, concentration of information leads to the concentration of power – and as Lord Chesterton noted, “absolute power corrupts absolutely”. In the new big data ecosystem and social layer, given the amount and power of data – from monitoring mobile phone usage and movements, financial records and purchases, video surveillance, school and medical records – combined with machine learning and data mining, the temptation for wrongdoing and abuse is enormous. Hence, data concentration needs to be disincentivized and “designed out” whenever possible.
The position taken by ID3, and one it shares with the Jericho Forum (a global association of security professionals) and many others, is that every global citizen of the network should have control over their “core” – biological – living identity. In other words, the State does not have the inherent right to tell you who you are. In making one’s “social contract” with the State, one does not have to surrender individual sovereignty. Think about it: Does one’s sense of agency depend upon the State – or is it something inalienable about one’s own being? Yet if one is to have the benefits of citizenship – such as security and access to public resources and services – then does not the State have the right to know who you are and what you claim to be in order to qualify for the benefits of citizenship? Absolutely – BUT only that minimum amount needed to make specific determinations for qualifications. In other words, the State needs the minimal information to make a specific decision. In which case, it may not need the actual information so much as an answer to a specific question. (More about this in the section on Trust Frameworks.) This is one of the problems with National Identity Cards and other “universal identifiers”: they can collect and share far more information than is needed to make a narrow determination. Hence, they are fuel for mischief.
So the approach that ID3 endorses is for people to have multiple “personas,” each with their own criteria and certificate for qualification, which can be “issued” by a State, Bank, Co-Op, Trust Framework, or in fact, any “trusted” party. The “seed” or root identity, that is, one’s biological, living identity, is something that only you – what some people call awkwardly the “data subject” – control, and this information is stored in a global cloud only accessible to you – not under the control of any sovereign state. In this approach only you, the live person, know that all the different personas “resolve” to you and only you. But that leaves one huge question remaining: how does anyone or anything know and trust that you are who you say you are? Who controls that “proof” – who trusts that “proof”? And why? We do not have a definitive answer, but we have an approach that we would like to advocate: instead of having a physical “entity” provide the certificate – such as a State – make it algorithmic. That is, select a class of algorithms and processes that a diverse set of open source experts test to be robust and secure, and use those identity proof algorithms, whose results would be encrypted and stored in a cloud only accessible to the individual. (Think of BitTorrent and “crypto-currencies” such as “Bitcoin”.) Such processes could be combinations of biometric, knowledge-based, and behavioral “signatures”. One of the important benefits of this approach is that it encourages highly distributed and multiple ways of authenticating identities and certifying claims people make about themselves – age – income – education – residence – health etc. From the beginning, there should be multiple “personas,” each with their own tokens and signatures, so that the parties “issuing” and standing behind these personas would become motivated to be highly innovative with narrow scopes of authority.
The point is to avoid any structural monopoly or “mono-culture,” for the concentration of identity and authentication services increases risks for security breaches and for privacy abuses.
Technologies for Core Identities:
B. Controlling Access to Resources and Services: Managing the Risk Of Trust and Privileges:
It is hard to imagine anything more fundamental to the functioning of any sovereign entity or institution than the determination of eligibility for membership. Physical boundaries and visible markers of family, clan, tribe, nation, school, caste, class are all social signals intended to communicate and enforce boundaries that set norms and control access to coveted resources. The power to define and categorize others and to assign access and privileges based upon criteria determined by the group is really the paramount power of any state or organization. Consider the power of granting citizenship for emigrants or the granting of credit to mortgage applicants, or health care to the uninsured – all entail the same fundamental process of assessing a credential and then determining whether the party in question has the right credential to qualify. This process has been enveloped in elaborate social rituals intended to conserve and protect processes for managing the risks and abuses of such processes. Some categories are fixed for life – others are malleable and dynamic, and many of the differences and conflicts between cultures, religions and polities can be traced to how they define and enforce these processes. Social roles have been designated and stabilized over millennia for guarding the interests and privileges that arise from the allocation of social privilege, and these are embedded in customs, norms, laws and beliefs. Now imagine a combination of technologies that will completely disrupt that process and introduce new efficiencies of risk mitigation, sharing and allocation of resources, privileges and information hitherto impossible. What happens to those institutions – governments, banks, schools, insurance companies, healthcare providers – that once controlled those processes when these processes become vastly more efficient and seamless – and eventually commoditized?
What happens when what had once been a very powerful social and economic function that bequeathed special privileges and social status, becomes folded into the background of human social intercourse?
How Might This Happen?
When the Internet was developed by DARPA over 40 years ago, little thought was given to having rigorous authentication processes. Usernames and passwords seemed to work, and later certificates and PKI and other security measures were overlaid. But authentication was not designed in. Hence, we are stuck with a lack of security and the very unseemly process of password controls and relentless logins. The problem was recognized early on, and yet there was no systemic solution. Now what if it were possible to have one credential – like an email address or some more secure credential like a Core Identity “token” – that could be used across multiple sites and only share the right kind and the right amount of information? Not only would the “relying” website know that you were who you said you were, but also that you had the right set of credentials for access to the resources or privileges that you wanted. On the user’s side, what if you knew with a high degree of certainty that the site that you were sharing the information with was who they said they were, and that they would only use the information that they were supposed to and in the agreed-to way? In this scenario not only does the hassle of passwords go away, but so do the hassle and risks of logins and unauthorized use of information. To many this seems too much like the Holy Grail to be true. But it is, and the technology is being alpha tested by large and small enterprises alike.
But that is only part of the story of future massive disruption. At present, the business of authentication is reserved for only highly accredited “identity providers” such as financial service vendors, governments, credit bureaus, and the like. Moreover, the information required to complete an identity check is hard to come by, and hence the process of providing high level identity and “claims” checks is time-consuming and expensive. One of the reasons that Google, Facebook, and MySpace all resisted identity checks for children and tighter privacy and security controls in general is not just the cumbersomeness of the process, but also the cost of paying trusted identity services. Moreover, given the difficulty of establishing “equivalence of credentials” among different identity providers, and the absolute fear of liabilities and breaches, identity providers are highly risk averse. However, with a slew of new encryption technologies – distributed storage and processing, cloaking to defeat unwanted linking and “sniffing,” zero knowledge proof techniques, perishable IDs and passwords, data mining of mobile to develop unique identity and behavioral signatures – security and authentication technologies are becoming much stronger, cheaper and ubiquitous. Given that with such technologies it is possible for virtually anyone anywhere to become an identity provider, and thereby dynamically allocate and revoke identity tokens and privileges, the authoritative powers of centralized authorizing sources and identity providers become increasingly diminished.
This is what the Internet does so well and has done in the past: it breaks down the access control powers of concentrated, hierarchical networks and spreads them around to those places or nodes where the data is fresh. Yes, Power Laws do emerge – note the dominance of Google in Search and Amazon in Commerce – but in this case, the new architecture is truly peer to peer, where no one network or authority would dominate; rather, dynamic collections of interoperable small networks would proliferate with competing approaches to risk and identity. The boundaries or borders of such new social networks would not be fixed, but would dynamically reconfigure themselves according to the social signals they responded to, such as variable membership criteria and ephemeral credentials or identifiers.
Although the image of dynamically allocated and revoked rights and privileges may seem unsettling and chaotic, they would not be if their metrics for trust and risk reduction were truly effective and robust. Rather than being hampered by credentials that were static, coarse grained, inappropriate and out of date, these new self-governing networks would be constantly adjusting their credentials and metrics to afford the most social liquidity at the lowest risk. In doing so, they would seem less uncertain and arbitrary, and hence more responsive and trustworthy than traditional hierarchical credentialing institutions. Given the failure of current institutions, this kind of social technology could play an enormous role in implementing new social contracts that are equal to the challenges of highly interconnected and volatile social relationships. The more open such networks are to feedback and revision, the better equipped they are to adapt to the complexities of the 21st century and beyond.
These technologies have been in a process of rapid evolution over the last ten years and have been primarily driven by social media’s need to find customer friendly ways of vetting data security and privacy risks while at the same time encouraging data sharing and monetization. While there have been robust security, federation and authorization technologies for over a decade, they are difficult and costly to develop and support and entail a horrible user experience. The focus of such technologies has been on compliance and protecting the enterprise. Not only were they not consumer friendly, but they were not developer friendly. Now that has changed, primarily through the activities of the open source community working closely with social media giants such as Google and Facebook. Much of this software was developed as separate activities, but now they are converging around the combination of OAuth 2.0, OpenID Connect and UMA (User Access Management). New open source identity platforms are being developed and supported by a major Defense Contractor, MITRE, as well as by many companies and universities. But the big test will come when relatively anyone can use these technologies to launch their own trusted social networks and services that perform in a way that suits them. Clearly there will be intense efforts by threatened incumbents to rein in this “new chaos” just as there were efforts to “rein in” the Internet twenty years ago. But this time, efficacy, liquidity, trust and value creation of this new ecosystem will so severely and rapidly outcompete the old social order that the switch over will be faster than anticipated.